Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SLOT
  • CASINO
  • SPORTSBET
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SLOT
  • CASINO
  • SPORTSBET
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»VFAT SICKLE Audit Summary -Ackee Blockchain
HACKING NEWS

VFAT SICKLE Audit Summary -Ackee Blockchain

By Crypto FlexsMay 16, 20254 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
VFAT SICKLE Audit Summary -Ackee Blockchain
Share
Facebook Twitter LinkedIn Pinterest Email

VFAT is a yield Agrigator that uses the Natt Smart Contract Wallet for yield agriculture. Reduce complex tasks such as input and termination, complex or re -adjustment in the position.

VFAT conducted a security review of the VFAT protocol as a total time donation of 18 engineering days in the period between March 4 and March 28, 2025 to participate in Ackee Blockchain Security. Then the second security review focused on modifications of the problem found in the first security review. Other code changes were not thankful.

We are grateful for the optimism that approves subsidies that are partially funded for this and the second audit of VFAT.

methodology

We started reviewing using static analysis tools, including Wake. Then I dive about the logic of the contract.

During the review, we paid special attention later.

  • The arithmetic guarantee of the system is correct.
  • Reinvision detection possible in the code;
  • Safety confirmation of using delegateCall;
  • Access control is not too comfortable or strict.
  • Accuracy confirmation of implementation of the possibility of upgrade; and
  • We are looking for common problems such as data verification.

range

The first audit was performed for the commit. 357593f And the range is as follows:

  • contracts/Automation.sol
  • contracts/ConnectorRegistry.sol
  • contracts/NftSettingsRegistry.sol
  • contracts/PositionSettingsRegistry.sol
  • contracts/Sickle.sol
  • contracts/SickleFactory.sol
  • contracts/SickleRegistry.sol
  • contracts/governance/SickleMultisig.sol
  • contracts/libraries/FeesLib.sol
  • contracts/libraries/NftSettingsLib.sol
  • contracts/libraries/NftTransferLib.sol
  • contracts/libraries/PositionSettingsLib.sol
  • contracts/libraries/SwapLib.sol
  • contracts/libraries/TransferLib.sol

For completeness, we had to review the following parent contracts.

  • base/Admin.sol
  • base/Multicall.sol
  • base/NonDelegateMulticall.sol
  • base/SickleStorage.sol
  • base/TimelockAdmin.sol

The revision review was performed in a given commit. 1c20e7e.

Security discovery classification is determined by two grades. influence and What can be. This two -dimensional classification helps to clarify the seriousness of individual problems. The problem to be evaluated middle It is severe, but the possibility of being found only by the team is generally reduced according to the possibility. wAnnings or menFormational Severe rating.

Our review results have emerged 31 resultsIt ranges from information to seriousness. The most serious discovery H1 allows administrators (malignant or damage) to drain all user wallets. Intermediate severity problem M1 can be executed in full execution. setReferralCode function. Most of the results are warnings that refer to a variety of omissions, code quality issues and exemplary cases.

The second security review was limited to the problems found in the first security review, and no other code change was not appreciated. Twenty problems were solved, three problems were partially fixed, seven problems were recognized, and H1 was invalidated by VFAT. Read more information in the entire audit report linked to the end of the article.

Threshold

There was no important serious problem.

The severity is high

H1: White list callers can perform delegateCall in all humility.

Intermediate

M1: Recommended code setter can be a front run run

Low severity

L1: Non -contract registration agencies can go back

Significance of warning

W1: Incomplete data verification for NFT location

W2: Duplicate bottle search

W3: Potential underflow or overflow of tic range calculation

W4: Variable Shadow

W5: Insufficient data verification PositionSettingsRegistry contract

W6: Incorrect price calculations in POSITSETTINGSREGISTRY

W7: Incorrect use of initialization

W8: Variable name rules

W9: Step 1 ownership transfer

W10: Featokens’ duplicate tokens can lead to inconsistent fee calculations.

W11: ETH and WETH’s inconsistent handling over the Feeslib contract

W12: ambiguous handling of basic value in Swaplib contract

W13: Inheritance with misunderstanding

W14: Input array length validation verification

W15: There is no data verification in the addition and update of the registry

W16: The zero address verification has been missing

Information seriousness

I1: Duplicate Code

I2: Use of magic constant

i3: Definition of unified storage variables

I4: duplicate storage variable

i5: mapping isCustomRegistry Duplicate

I6: Unconsistent functional name rules

i7: Error in the printing of the functional commentary

i8: Odo error name

I9: Unused errors

I10: Duplicate function

I11: Duplicate registry validation has been missing

i12: Error of Document

Trust model

This protocol must trust the manager who controls important parameters (fare, white list, connector update) and automatically running the task on behalf of himself. The user maintains the centralized control point while the user controls the Nat instance and the location settings. Trust risks are partially relaxed through hard -coded limits and multi -IG requirements. However, users must accept the risk of centralized control and potential trading manipulation of automatic devices that can control transaction timing.

conclusion

AcKee Blockchain Security recommends VFAT.

    • Set off chain monitoring for the following purposes M1 find; and
    • Solve all other reports.

You can find the entire VFAT SICKLE audit report of AcKee Blockchain Security. here.

We are pleased to thank VFAT and expect to work again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

UXLINK attackers mix stolen assets and have drained $ 43 million by phishing

September 29, 2025

YouTube Star MR BEAST Scoops 3 Days Purchase SPREE ASTER in SPREE

September 27, 2025

Detect the full execution bug with the induction pursing of Wake

September 25, 2025
Add A Comment

Comments are closed.

Recent Posts

The reason why hyper clicade wins aster with Perp DEX, which can be most invested.

October 3, 2025

Psy Protocol Testnet Combines Internet Scale And Speed With Bitcoin-Level Security

October 2, 2025

Eightco Holdings Inc. ($ORBS) Expands Investor Access With Options Trading

October 2, 2025

How To Use A Bitcoin Heatmap For Smarter Trading Decisions

October 2, 2025

Pioneer the future of digital innovation throughout Web2 and Web3

October 2, 2025

Codego Launches Whitelabel Devices Bringing Tokens Into Daily Life

October 2, 2025

Ethereum Future is an execution of stablecoins and tokenized assets -then you need to know:

October 2, 2025

Crypto Exchange Rollish is expanded to 20 by NY approved.

October 2, 2025

The throat is falling, but the jupnet and ajup spark recovery reduce the potential

October 2, 2025

Korean Billion-Dollar Megafranchise Goes Onchain With Story

October 1, 2025

After Hyperliquid And Aster, The Next Major DEX Powering The Sui Blockchain – SuiDEX

October 1, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

The reason why hyper clicade wins aster with Perp DEX, which can be most invested.

October 3, 2025

Psy Protocol Testnet Combines Internet Scale And Speed With Bitcoin-Level Security

October 2, 2025

Eightco Holdings Inc. ($ORBS) Expands Investor Access With Options Trading

October 2, 2025
Most Popular

Bitcoin SV (BSV) has surpassed $100.

January 2, 2024

SEI Community Airdrop: 27 million SEI tokens distributed to active users

May 29, 2024

Terraform Labs’ leader extradited to US after court ruling

February 21, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.